Dr Clèm's Blog

Tags: Apache HTTP Server Git

Server Git repository with Apache HTTP Server - Smart HTTP

Wednesday Oct 25, 2017 18:59, last edition on Wednesday Oct 25, 2017 20:17
There is a lot of outdated documentations about how to make your git repositories available through HTTP, even in the official Reference Manual. There are not working, not well documented, and trying to adjust them can lead to serious security issues like allowing anonymous users to push commits. After hours of reading the official manual, discussions about people struggling with the configuration, I finally managed to have a working set up with the expected behavior. What I want to do is sharing one of my repositories through HTTP with Apache HTTP Server with anonymous users allowed to pull and clone, and only register users allowed to push, which is the expected behavior in most cases. This for Apache HTTP Server version 2.4 because the configuration changed compare to version 2.2. The first step is to enable the required mods
# a2enmod cgi alias env
# systemctl restart apache2
With mpm event instead of prefork, which the case is you enables HTTP/2 on Ubuntu Xenial, you will have a warning about the fact it enable cgid, not cgi, but it does not affect this configuration. The second step is to change your virtual host. You need to choose a method to authenticate the users. Because I will be the only one to push commit, I will use the most simple configuration which is AuthType Basic. You can choose other ones, but I will not cover it. You need to create a file that contains users and their password, if not already done. To create the user USER in the file /etc/htpasswd/.htpasswd
# mkdir -p /etc/htpasswd/
# htpasswd -c /etc/htpasswd/.htpasswd USER
Now, if you want to server repositories stored in /var/www/git with the URL mydomain.tld/git/ change your virtual host by adding the following lines
SetEnv GIT_PROJECT_ROOT /var/www/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
<Files "git-http-backend">
 AuthType Basic
 AuthName "Git Access"
 AuthUserFile /etc/htpasswd/.htpasswd
 Require expr !(%{QUERY_STRING} -strmatch '*service=git-receive-pack*' || %{REQUEST_URI} =~ m#/git-receive-pack$#)
 Require valid-user
</Files>
Restart Apache HTTP Server and your are done!
# systemctl restart apache2
This is done!
To go a bit further about git, let us consider that you have a local repository called MyProject that you want to share. On the webserver, you need to initialize the repository
# mkdir -p /var/git/MyProject.git
# cd /var/git/MyProject.git
# git init --bare
# chown -R www-data:www-data /var/git/
The last command set the proper ownership on the files. If you don't do it, you will be able to push locally but not remotely. For the next repository, you will not need to perform the command on the whole directory. Just do
# mkdir /var/git/MyNEWProject.git
# cd /var/git/MyNEWProject.git
# git init --bare
# chown -R www-data:www-data /var/git/MyNEWProject.git
Now, push your project from your computer to the web server
% git remote set-url origin --push --add https://USER:PASSWORD@mydomain.tld/git/MyProject.git
% git remote -v
origin https://USER:PASSWORD@mydomain.tld/git/MyProject.git
% git push Delta compression using up to 8 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 20.15 KiB | 0 bytes/s, done.
Total 9 (delta 1), reused 0 (delta 0)
To https://USER:PASSWORD@mydomain.tld/git/MyProject.git
 * [new branch]      master -> master
The second line just check that the previous command worked. On another computer, you can clone the project on other computers with
% git clone https://mydomain.tld/git/MyProject.git
If you try to push from the second computer, you will need to authenticate
% git push
Username for 'https://mydomain.tld': USER
Password for 'https://USER@mydomain.tld':
Counting objects: 2, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 222 bytes | 0 bytes/s, done.
Total 2 (delta 1), reused 0 (delta 0)
To https://mydomain.tld/git/MyProject.git
   bc49af8..f7121b5  master -> master
To add the authentication
% git remote set-url origin --push --delete https://mydomain.tld/git/MyProject.git
% git remote set-url origin --push --add https://USER:PASSWORD@mydomain.tld/git/MyProject.git
and you are done!
Mastodon Follow me Mastodon Share
Comments
There is no comment yet.
Dr Clément Février

I am Dr Clément Février, French, living in Grenoble. I defended my PhD on July 4th, 2016. After my defense I run as deputy deputy (not a typo) for the national parliamentary elections in the 1st circonscription of Isère for the political movement La France Insoumise.


Ça se passe dans l'Ain (entre autre). La France n'a pas les moyens de mettre 10000€ pour faire une enquête sur des malformations de bébés, on doit vraiment être un des pays les plus pauvre de la planète. L'État abandonnait déjà les vieux avec les retraites (ça coûte trop cher), la santé (ça coûte trop cher), la sécurité (ça coûte trop cher), la recherche (ça coûte trop cher), les pauvres (ça coûte trop cher), l'environnement (ça coûte trop cher),

mamot.fr/@LeMediaTV/1032052807

"Les états-unis [gentil] aurait espionner Assange [méchant]" (sauf dans Médiapart)
"Durant la manifestation, 15 policiers ont été gravement blessés par des projectiles a base d’œufs et de farines lancés par les manifestants, désigné de "ultra" par le gouvernement, et 12 manifestants auraient été légèrement blessés par des projectiles de provenances inconnus"

Si le gentil est accusé d'une exaction, alors non seulement le conditionnel est utilisé, mais en plus, les propos sont rapportés par le méchant. Exemple : "Selon [gilet jaune/Erdogan/Putin/Trump], le [gouvernement/kurdes/USA/UnPeuToutLeMonde] aurait fait un truc mal."
"Selon Erdogan [méchant], le PKK [gentil] est a l'origine de l'attaque suicide qui a tué des dizaines de civiles sur la place public."
"Erdogan [méchant] a lancé l'offensive contre les kurdes [gentils]"

"Gilet jaune blessé : les "selon" du 20 Heures" par Arrêt sur Images.

Maintenant, regardez n'importe quel article, si le conditionnel est utilisé sauf pour les exactions, où le présent de vérité général est utilisé, alors c'est un méchant/ennemis/terroriste/"ultra"/dictateur/..., si au contraire, le présent de vérité général est utilisé par défaut, alors c'est un gentil.

arretsurimages.net/emissions/c